{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2820f526-27dc-5c6e-ad9b-06df1ca39810", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.1.5.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2c6f8ddd-152e-53fc-b77f-e51835d99b05", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3fe51b67-98d5-5b1f-9531-bbb184065f8e", "id": "CVE-2020-5398", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5398 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f7b35816-1a19-5a2b-ac90-750ba5d9daca", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:663ffc96-5c4a-5685-abea-557114812a31", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce4349e5-a3ea-5a43-9c61-798de5062ff2", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f4aef3c4-66cb-500b-92dc-18c2cb12fe5d", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8e0f83d3-c7e8-5ab0-933e-e46446be36bb", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:05fdf09d-f16e-53e9-9bd8-419f5dbddea4", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:889abb2d-d013-5a67-bd94-25190776d84b", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fbbf6b58-0bcd-5ac2-89c0-092a3d0a501c", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1b21d735-71f1-5a0c-bbe3-ec35fc0bb23d", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:12d9d035-90c0-5c27-844d-719a6919381a", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cabdf695-f892-5893-87a9-ed4a0307ed95", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:417cd2f8-38a5-5bcf-a428-267a53a1c670", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ecc81223-7f2f-5ec3-8896-a5b1498acd9c", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9027d3a3-8e4d-5bd2-81a1-b5ed5fa780f8", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81b2e89e-c19b-5ae3-a378-c21f40b56d02", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-orm 5.1.5.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ee2d054d-4e42-599b-b480-1cb345e7be3c", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0991559-aca4-5395-b308-a32a488759f4", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4e7378a6-d4f2-51ef-90a1-2c65117fa61a", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c3d79d2-d494-5045-b3a0-a7d85ea37a31", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9ec20557-78dc-5ec6-8fd4-b78513cb2823", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64655ae4-3d07-5e1a-9633-26a314b43bb6", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f1aaad40-9bef-5ac9-a146-e33e6a44db55", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fb5bf3d4-636d-59fa-8664-b99408ecbd32", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.1" } ] }